CVE-2024-28665

8.8 HIGH

📋 TL;DR

DedeCMS v5.7 contains a Cross-Site Request Forgery (CSRF) vulnerability in the article_add.php component that allows attackers to trick authenticated administrators into performing unauthorized actions. This affects all DedeCMS v5.7 installations with administrative interfaces accessible to users. Attackers can exploit this to create, modify, or delete content without the administrator's knowledge.

💻 Affected Systems

Products:
  • DedeCMS
Versions: v5.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated administrator session; affects web interface only.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could gain administrative control over the CMS, deface websites, inject malicious content, or create backdoor accounts, leading to complete system compromise.

🟠 Likely Case: Unauthorized content creation or modification, website defacement, or injection of malicious scripts or links affecting site visitors.

🟢 If Mitigated: Limited impact with proper CSRF protections in place, though some administrative actions could still be triggered if other vulnerabilities exist.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated administrators into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing CSRF protections manually.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add anti-CSRF tokens to all administrative forms and validate them on submission.

Modify article_add.php and related files to include and validate CSRF tokens.
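The token scheme the workaround above calls for, as an added illustration that is not DedeCMS code: a per-session token derived with an HMAC over a server-side secret, embedded as a hidden form field, and checked with a constant-time comparison before the state-changing work runs. The handler name, session id and secret are constructed for this example; in the real application the check would sit at the top of article_add.php's POST path.

```python
import hmac
import secrets
from typing import Optional

# Server-side secret generated at startup (constructed for this example; a
# real deployment would load it from configuration so it survives restarts).
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Derive the token for one session: HMAC-SHA256(secret, session_id).

    Binding the token to the session is what defeats CSRF: a forged
    cross-site request carries the victim's session cookie automatically,
    but the attacker's page never sees the token and so cannot supply it.
    """
    return hmac.new(SECRET_KEY, session_id.encode(), "sha256").hexdigest()


def validate_csrf_token(session_id: str, submitted: Optional[str]) -> bool:
    """Compare the submitted field against the expected token in constant
    time. A missing or empty field fails closed."""
    if not submitted:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), submitted)


def render_form(session_id: str) -> str:
    """Emit the admin form with the token as a hidden field."""
    token = issue_csrf_token(session_id)
    return (
        '<form method="post" action="/dede/article_add.php">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="title"><button>Save</button></form>'
    )


def handle_article_add(session_id: str, form: dict) -> str:
    """Hypothetical stand-in for the article creation POST handler.

    The token check runs before any article is created or modified."""
    if not validate_csrf_token(session_id, form.get("csrf_token")):
        return "403 Forbidden: missing or invalid CSRF token"
    # ... article creation would happen here ...
    return "200 OK: article created: " + form.get("title", "")


if __name__ == "__main__":
    victim_session = "sess-constructed-123"
    # Legitimate submission: the browser posts the form that carried the token.
    legit = {"title": "hello", "csrf_token": issue_csrf_token(victim_session)}
    print(handle_article_add(victim_session, legit))
    # Forged cross-site submission: the cookie rides along, the token does not.
    forged = {"title": "defaced"}
    print(handle_article_add(victim_session, forged))
```

The token must be checked on every state-changing admin endpoint, not only article_add.php; a single unprotected form is enough to keep the CSRF path open.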

Restrict Administrative Access (applies to: all)

Limit access to administrative interfaces to trusted IP addresses only.

Add IP-based restrictions to .htaccess or the web server configuration for the /dede/ directory.

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies for session cookies
  • Require re-authentication for sensitive administrative actions

🔍 How to Verify

Check if Vulnerable:

Check if /dede/article_add.php exists and lacks CSRF token validation in form submissions.

Check Version:

Check DedeCMS version in system configuration or admin panel.

Verify Fix Applied:

Verify that all administrative forms include and validate unique CSRF tokens before processing requests.

📡 Detection & Monitoring

Log Indicators:

  • Multiple article creation/modification requests from the same IP without corresponding form submissions
  • Unusual administrative activity patterns

Network Indicators:

  • HTTP POST requests to /dede/article_add.php without Referer headers or with suspicious origins

SIEM Query:

source="web_logs" AND uri="/dede/article_add.php" AND method="POST" AND NOT referer="*dede*"
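The detection logic behind the network indicator and the SIEM query above, as an added example run over constructed combined-format access log lines (not real traffic, and not part of the original page). It flags POSTs to /dede/article_add.php whose Referer is absent or whose Referer host is not the CMS's own hostname. The hostname set is a placeholder; checking the parsed host is deliberately stricter than the query's `*dede*` substring match, since a lure page hosted elsewhere can carry "dede" in its path.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Apache/nginx "combined" log format.
# Addresses and hostnames are documentation/test values, not real hosts.
SAMPLE_LOGS = [
    '203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /dede/article_add.php HTTP/1.1" 200 5120 "https://cms.example.test/dede/" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2024:10:00:09 +0000] "POST /dede/article_add.php HTTP/1.1" 302 0 "https://cms.example.test/dede/article_add.php" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:10:05:33 +0000] "POST /dede/article_add.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:10:06:02 +0000] "POST /dede/article_add.php HTTP/1.1" 302 0 "https://attacker.example.test/dede/lure.html" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

TARGET_PATH = "/dede/article_add.php"
# Hypothetical: the hostname(s) the CMS admin interface is served from.
TRUSTED_HOSTS = {"cms.example.test"}


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: dict):
    """Return a reason string if the entry looks like a cross-site POST to the
    target path, else None. Only POSTs to the target are of interest."""
    if entry["method"] != "POST" or entry["path"].split("?")[0] != TARGET_PATH:
        return None
    referer = entry["referer"]
    if referer in ("", "-"):
        return "missing Referer"
    host = urlsplit(referer).hostname
    if host not in TRUSTED_HOSTS:
        return f"Referer host {host} not trusted"
    return None


def find_suspicious(lines):
    """Run the classifier over raw log lines; returns (ip, timestamp, reason)."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            hits.append((entry["ip"], entry["ts"], reason))
    return hits


if __name__ == "__main__":
    for ip, ts, reason in find_suspicious(SAMPLE_LOGS):
        print(f"{ts} {ip} POST {TARGET_PATH}: {reason}")
```

A missing Referer is a weak signal on its own, since privacy extensions and some referrer policies strip it for legitimate requests; treat these hits as triage candidates to correlate with the admin session and the content that was created, not as confirmed exploitation.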
